All their customers & press should be at them to explain this one. It’s a remote access backdoor in a remote access security product. How did it get there? Why did it go undetected for years? What steps are being taken to stop it happening again? Are there any other backdoors?
It’s just so difficult to know where to begin with the Fortinet stuff. Like why does a 90s ../../ exploit output the admin account passwords.. in plain text?! https://opensecurity.global/forums/topic/181-fortinet-ssl-vpn-vulnerability-from-may-2019-being-exploited-in-wild/
Note that Fortigate have completely failed to address why there is a parameter called "magic" hidden in their software which acts as a backdoor, how it got there, and how they will stop it happening again. They've ignored tweets about it too.
Fortigate claim the remote access backdoor in their remote access security product was created for “a customer”. They still haven’t clarified when (at least 5 years ago it was added, btw) https://www.securityweek.com/pulse-secure-says-majority-customers-patched-exploited-vulnerability
Fortigate have a blog up which gives a completely different explanation for the issue, they used the term "backdoor" with @dangoodin001 and said "a customer" request in main code in error in @SecurityWeek, but now say a password change feature https://www.fortinet.com/blog/business-and-technology/fortios-ssl-vulnerability.html
It's confidence inspiring that one of our firewall vendors has 3 completely different explanations in different places for how - let's be clear about this - a deliberate backdoor ended up in the product which circumvented the security of their product.
So just for my own edification on this, the SSL vpn service has to be enabled and running for this exploit to work, right? Or does it matter?
History repeats itself with yet another backdoor from Fortinet. This isn't their first time of doing something like this. The last time it wasn't called a backdoor; it was called a "management authentication issue": https://www.helpnetsecurity.com/2016/01/13/fortinet-says-backdoor-found-in-fortios-is-a-management-authentication-issue/